Menu
Ransom attacks likely to fade as small email providers resist

Ransom attacks likely to fade as small email providers resist

Small email providers are a softer target for cybercriminals

The spate of cyberattacks against email providers is likely to pass with time as they refuse to pay ransoms. But that doesn't mean the attacks haven't cost them.

Since early this month, the list of companies that have been attacked has grown longer: first ProtonMail of Switzerland, followed by HushMail, RunBox, VFEmail, Zoho and FastMail of Australia.

The companies have typically received extortion requests by email asking for 10 or 20 bitcoins in exchange for not being subjected to distributed denial-of-service (DDoS) attacks.

DDoS attacks involve sending a large amount of data traffic to a company's network, causing the service to choke and go offline.

Email is a tough business these days. Smaller providers face competition from mega-companies such as Google, Microsoft and Yahoo, so profit margins from offering premium services can be thin.

That's in part why service disruptions can be harmful. Email services also face more challenges in defending their systems, said Rob Mueller, a director at FastMail in Melbourne.

DDoS attacks over the Web using the HTTP (Hypertext Transfer Protocol) can filtered out using proxy services. The attack traffic flows to a third party, such as a DDoS mitigation service, before it goes to the service provider.

But that technique can't be used for email protocols such as SMTP, IMAP and POP, which can't be proxied in the same way as HTTP web traffic, Mueller said.

There's another solution. An email company needs to have access to 256 IP addresses, known as a class C IP block. The block of addresses can then be used to spread out the attack to that ISP's various points of presence.

The bad traffic can then be scrubbed out, and the good traffic is sent using the GRE (Generic Routing Encapsulation) protocol to the email provider, Mueller said.

But that fix isn't cheap and can cost up to US$10,000 a month. It's what makes email providers "the perfect target for a shakedown," Mueller said in a phone interview. 

By making the ransom less than $10,000, the attackers are sort of hoping that paying a ransom will be a cheaper, albeit short term, option.

It worked one time with ProtonMail. Faced with an escalating attack that affected its ISP and other companies, it paid a ransom. Later, it acknowledged that paying was the wrong move.

FastMail was asked to pay a ransom of 20 bitcoins -- about $6,800 -- before the attacks began around Sunday, Mueller said.

"Just out of principle, we would never pay," he said.

FastMail's ISP, NYI, already had capabilities in place through partners to mitigate the attacks, and it only experienced a mild disruption, Mueller said. FastMail blogged about its experience earlier this week.

Eventually, Mueller thinks those behind the attacks and copycat ones will just move on, as defenses are strengthened and companies refuse to pay.

"The main people making the money will be the DDoS defense providers," he said. "All the attempts to extort money will fail. Most people won't pay."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments